Configuring a trusted CA certificate in the Enterprise Connector

If you want the Enterprise Connector web service to be externally accessible using a CA signed certificate, instead of the ION EC self-signed certificate, then complete these requirements:

  1. Add a CA signed identity.
  2. Configure a CA router. You must configure another router in ION EC using the created CA signed identity. This router requires its own https port.
  1. To add a CA signed identity, open the Grid Management UI.
    1. In the Grid Management UI, select Security > Identities.
    2. Click Add New.
    3. Specify the name of the identity. For example, mycompany. To create a new identity, use the procedure as described in "Managing HTTPS identities in the Grid Management Pages" in the Infor ION Grid Security Administration Guide.
  2. To configure a CA router, open the Grid Management UI.
    1. In the Grid Management UI, select Configuration > Routers.
    2. Click Add New.
    3. Specify this information:
      Name
      Specify the router name. For example, CARouter.
      Hosts
      Select All.
    4. In the Proxy section, specify this information:
      Port
      You can leave this field empty.
      Encryption
      Ensure the check box is clear.
    5. In the HTTPS section, specify this information:
      Port
      Specify 443, or another port if this port is in use.
      HTTPS Authentication Type
      Client can authenticate with certificate.
      Encryption
      You can leave the default value.
      WWW Authentication Methods
      You can leave the check box clear.
      Identity
      Specify the identity that you created previously. For example, mycompany.
    6. In the Token Authentication section, specify this information:
      Enable Token Authentication:
      Select this check box to allow Oauth 1.0a authentication for IMS and EC REST calls.
    7. In the Impersonation section, specify this information:
      Enable Impersonation
      Ensure that the check box is clear.
    8. In the HTTP Strict Transport Security (HSTS) section, specify this information:
      Enable Strict Transport Security
      Ensure that the check box is clear.
    9. In the Published Applications section, select all services unless you need to restrict access to a specific service.
      System
      Select the check box.
      IONMessagingService
      Select the check box.
      IONEnterpriseConnector
      Select the check box.
  3. Click Save.